Google+ is dead because of a security flaw [updated]

Google today revealed it’d be shutting down the consumer version of Google+ in response to a previously undisclosed security flaw — and also because no one’s really using it.

Earlier today, the Wall Street Journal reported Google discovered the flaw, which exposed the data of thousands of users, earlier this year. It opted not to report it, “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”

Within hours, Google published its own report. Ben Smith, Google’s VP of Engineering, disclosed more information about the security issue, and how it was discovered. An internal review called Project Strobe discovered a bug in one of the site’s APIs which granted access to information on a users’ profile which hadn’t been marked as public.

According to Smith, as many as 500,000 accounts could have been affected, and the data exposed could potentially include things such as name, occupation, or age — but not phone numbers or any other information stored on your Google account. Also, Smith is adamant Project Strobe found “no evidence” this bug was abused or even that the developers using the API were aware it existed.

Following this, Google apparently decided its little social media site that never quite made it wasn’t worth the effort pursuing. According to Smith, the fact no one was using Google+ was a major factor in the decision to shut it down:

This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.

You know, we may joke sometimes that a social network, such as Snapchat is “dead” because it shows a slight drop-off in numbers or because the teenagers don’t seem to like it anymore. But those apps look downright buoyant compared with Google’s own confessed numbers for Google+.

Google also announced that, in addition to shutting down Google+, it’s revamping its account permissions to allow users to pick and choose which data they share with third-party apps. It’s also limiting said apps’ ability to access private data outside of specific use cases.

Google+ will be shutting down over a period of about 10 months, and will vanish by next August. In the meantime, Google says users should stay tuned for more information on how to download their data from the site, should they so desire.

Update 10/9: This post previously stated that Google had neglected to fix the bug that exposed user data. TNW has corrected this to report that Google immediately implemented a fix for the bug.